WIRELESS NETWORK SECURITY

Size: px
Start display at page:

Download "WIRELESS NETWORK SECURITY"

Transcription

1 WIRELESS NETWORK SECURITY Much attention has been focused recently on the security aspects of existing Wi-Fi (IEEE ) wireless LAN systems. The rapid growth and deployment of these systems into a wide range of networks and for a wide variety of applications drives the need to support security solutions that meet the requirements of a wide variety of customers. This paper discusses traditional security methods, introduces two new enhancements that will soon improve upon WEP, focuses on some practical details of the 802.1x wireless security mechanism, addresses possible security concerns with 802.1x, and closes with a discussion of how to best secure your wireless network using Proxim ORiNOCO products with 802.1x solutions that are available today. Traditional Security Wireless security can be broken into two parts: Authentication and encryption. Authentication mechanisms can be used to identify a wireless client to an access point and vice-versa, while encryption mechanisms ensure that it is not possible to intercept and decode data. For many years, MAC access control lists have been used for authentication, and WEP has been used for encryption. Authentication ORiNOCO access points support MAC authentication of wireless clients, which means that only traffic from authorized MAC addresses will be allowed through the access point. The ORiNOCO access point will determine if a particular MAC address is valid by checking it against either a RADIUS server external to the access point or against a database within the nonvolatile storage of the access point. This is a somewhat weak authentication mechanism because it is can be circumvented, and because authentication is unilateral. It can be circumvented for two reasons. First, software exists to change the MAC address of some cards. Second, authentication is tied to the hardware that a person is using and not to the identity of the user. Therefore, it could be possible to steal a legitimate user s PC and gain illegal access to a network. Unilateral authentication means that the access point authenticates the user, but the user does not authenticate the access point. This unilateral authentication is a problem because an unsuspecting user could associate to a rogue access point and begin passing network usernames and passwords through the illegitimate access point. This would allow hacker to capture the unsuspecting user s credentials to gain access to other network resources. Encryption Much attention has been paid recently to the fact that Wired Equivalent Privacy (WEP) encryption defined by is not an industrial strength encryption protocol. Papers by Borisov 1 and Walker 2 have discussed the vulnerabilities of WEP. The Fluhrer 3 results have resulted in easy to mount 1 Brewer, Borisov, et al, " Security", 2 Walker, Jesse, "Unsafe at any Key Size: an analysis of the WEP encapsulation, November 2000 " 3 Fluhrer, Mantin, Shamir, Weaknesses in the Key Scheduling Algorithm of RC4, August ORiNOCO security paper v2.2 <1> Copyright 2003

2 passive attacks. 4. Despite these findings, WEP is still in general use today either because administrators are not concerned about hackers, or because the wireless network is secured by other means. Virtual Private Networking mechanisms (VPNs) are the most common means to secure wireless networks that are either using WEP encryption or no security at all. The most recent cracks have been implemented in the above referenced AirSnort program which exploits a specific weakness within WEP: weak initialization vectors (IVs). The actual WEP key that is used to encrypt user data is combined of two parts: a 24-bit IV and a 40, 104, or 128-bit user-defined key. The IV is combined with the user key to create the key that is used to encrypt user data. The weak IV problem was solved in ORiNOCO b products soon after the weakness was discovered, and the solution was labeled ORiNOCO WEPplus. ORiNOCO WEPplus enabled equipment chooses not to use these weak IVs during transmit cycles. The transmitting device determines IVs, and the receiving device just follows the transmitting device s instructions. This does not create any compatibility issues between ORiNOCO WEPplus equipment and other vendors less secure equipment. Because the algorithm only functions during transmit cycles, although there are no compatibility issues between ORiNOCO WEPplus and other vendors equipment, weak-key avoidance is only fully effective if ORiNOCO products are used on both ends of the transmission. Both client and access point must use ORiNOCO radios for WEPplus to be effective in both transmit and receive directions. Many wireless administrators elect to forgo WEP altogether and use VPN software for encryption. This option is preferable for public wireless hotspot providers that are trying to attract as many users as possible by keeping client configuration as simple as possible. Hotspot customers use VPN software to connect to their company s network. The VPN option is also preferable to many enterprise administrators because VPN solutions offer the best commercially available encryption strength. VPN software uses advanced encryption mechanisms, such as AES, so that decryption is virtually impossible. 4 ORiNOCO security paper v2.2 <2> Copyright 2003

3 Security Enhancements The IEEE, the organization that created the standard, is responsible for keeping the standard current. The IEEE membership includes many vendors that must follow a strict standards-making process and make compromises in order to agree on any final standard. This process takes a long time, so in order to address market requirements more quickly, the Wi-Fi Alliance has created a market standard called Wi-Fi Protected Access that will be implemented ahead of the i standard i The Security Task Group that is creating the i standard is working to specify stronger encryption algorithms for use in networks. Proxim is participating in this effort to ensure that our products will be compliant with the standard when it is ratified. In the current draft specification, a strengthened version of the RC-4 / per-frame encryption algorithm, and a 128-bit AES encryption algorithm are proposed. Improvements based on feedback from the cryptographic community continue to be incorporated into the draft. We expect that the IEEE i specification will be published at the end of Wi-Fi Protected Access 5 As an intermediate solution that can be applied to existing WLAN hardware, the Wi-Fi Alliance has adopted Wi-Fi Protected Access (WPA). Proxim will implement WPA on client and access point products and make this available in the first half of WPA is a specification of standards-based, interoperable security enhancements that strongly increase the level of data protection and access control for existing and future wireless LAN systems. Designed to run on existing hardware as a software upgrade, Wi-Fi Protected Access is derived from, and will be forward compatible with the upcoming IEEE i standard. When properly installed, it will provide wireless LAN users with a high level of assurance that their data will remain protected and that only authorized network users can access the network. The Wi-Fi Alliance plans to begin interoperability certification testing on Wi-Fi Protected Access products starting in the first half of Wi-Fi Protected Access was created with several goals in mind: A strong, interoperable security replacement for WEP Software upgradeable to existing Wi-Fi certified client products Applicable for both home and large enterprise users Available immediately. To meet these goals, authentication and encryption were improved using parts of the i standard draft. Enhanced Data Encryption through TKIP To improve data encryption, Wi-Fi Protected Access utilizes the Temporal Key Integrity Protocol (TKIP). TKIP provides important data encryption enhancements including a per-packet key mixing function, a message integrity check (MIC) named Michael, an extended initialization vector (IV) with sequencing rules, and a re-keying mechanism. Through these enhancements, TKIP addresses all of WEP s known vulnerabilities. 5 WECA: ORiNOCO security paper v2.2 <3> Copyright 2003

4 Enterprise-level User Authentication via 802.1x and EAP WEP has almost no user authentication mechanism. Wi-Fi Protected Access user authentication is implemented using 802.1x and the Extensible Authentication Protocol (EAP). Together, these technologies provide a framework for strong user authentication. This framework utilizes a central authentication server, which employs mutual authentication so that the wireless user does not accidentally join a rogue network. Wi-Fi Protected Access and IEEE i Comparison Wi-Fi Protected Access will be forward compatible with the IEEE i security specification currently under development. Wi-Fi Protected Access is a subset of the current i draft and uses certain pieces of the i draft that are ready to bring to market today, such as 802.1x and TKIP. The main pieces of the i draft that are not included in Wi-Fi Protected Access are secure IBSS (Ad-Hoc mode), secure fast handoff (for specialized VoIP phones), secure de-authentication and disassociation, as well as enhanced encryption protocols such as AES-CCMP. These features are either not yet ready for market or will require hardware upgrades to implement. Proxim WPAcompliant access points will be available, and Proxim client products will be upgradeable to WPA soon after the standard is ratified x Security Practical Details Unlike WPA and i, 802.1x is available and is widely deployed on wireless networks today. There are three primary ways to authenticate using 802.1x: shared secrets (username/password), certificates, and SIM cards. While this paper focuses on the shared secrets method, each authentication method has advantages and disadvantages 6 and the needs of individual deployments dictate which is used. ORiNOCO products support all three types of authentication, making it possible to retain existing authentication systems, or to maintain the most flexibility while designing new ones. 6 C. Ellison and B. Schneier, Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure, ORiNOCO security paper v2.2 <4> Copyright 2003

5 Terms Understanding 802.1x requires knowing the names of the different components that make up an 802.1x-secured wireless network. Figure 1 shows the location role of each one of these terms in the authentication process. Supplicant: End User System seeking access to the network Authenticator: Controls access to the network (access point) Authentication Server (RADIUS Server) EAP: EAPOL PAE Basic Operation Authenticates the end user, negotiates key material with the end user, and controls access to the network via the authenticator. Extensible Authentication Protocol: A secure protocol for negotiating other security protocols. EAP Over LAN: The version of EAP that is used over wireless networks. Port Access Entity. PAEs are similar to toggle switches. When the switch is open, no traffic is allowed to pass except for 802.1x traffic. After authentication is successful, the switch closes and user data is allowed to pass. The supplicant negotiates the type of security protocol to be used with the authenticator using the EAP protocol. The properties of the different protocols that can be used across EAPOL and RADIUS are outlined in Table 1. We will discuss the practical use of these protocols later. Using the negotiated protocol, the supplicant provides credentials to the authentication server, and the authentication server provides credentials to the client. After each has been authenticated to the other, the security protocol is then used to negotiate session keys, which are used to encrypt user data. Common EAP types IEEE 802.1x, Port Based Network Authentication 7 uses the Extensible Authentication Protocol (EAP) as its authentication framework. EAP is a transport mechanism, and any defined EAP method can be used within EAP, enabling support for a wide variety of authentication credentials. 7 IEEE: ORiNOCO security paper v2.2 <5> Copyright 2003

6 Figure 1: EAP and 802.1x Common, standards based, non-proprietary EAP authentication methods on the market today include EAP-Transport Layer Security (TLS) 8, EAP-Tunneled TLS (TTLS) 9, and EAP-Protected EAP (PEAP). These methods support mutual authentication based on the two common ways to authenticate an end user or device: digital certificates and shared secrets (username/password). EAP-PEAP is often the easiest to implement because of free client support from Microsoft, and can be just as secure as EAP-TLS if passwords are kept secure. EAP-PEAP does not require the use of client certificates. EAP-TTLS is similar to EAP-PEAP because it does not require client certificates, but instead is based on client passwords. The disadvantage of EAP-TTLS is that it is not free: server and individual client licenses must be purchased from vendors such as Funk or Meetinghouse. EAP-TTLS became available in February of EAP-TLS requires certificates on both the RADIUS server and the wireless client. The distribution of certificates to each client can be challenging if the client-to-network administrator ratio is too high. All three EAP types above have been tested deployed with ORiNOCO access points and client cards. Other EAP types have also been tested and are in use, but they are not mentioned here because their use is not widespread. Table 1 shows that some 802.1x-based systems pass the username in the clear. In these cases, enduser anonymity is not provided. MD5 is particularly vulnerable because the username, machine name, and hashed password are sent in the clear. When a hash of the password is sent data is vulnerable to an offline dictionary attack. Any EAP type that sends either username or password in the clear is neither secure nor recommended. 8 Aboba, B., Simon, D., PPP EAP TLS Authentication Protocol, IETF RFC 2716, 9 Funk, P., Blake-Wilson, S., EAP Tunneled TLS Authentication Protocol (EAP-TTLS), 10 See ORiNOCO security paper v2.2 <6> Copyright 2003

7 EAP Type Open/ Proprietary Mutual Auth Authentication Credentials Supplicant Authenticator Key Material User Name RFC MD5 Open No Username/Pwd None No 1321 TLS Open Certificate Certificate 2716 TTLS Open Username/Pwd Certificate No IETF Draft PEAP Open Username/Pwd Certificate No IETF Draft SIM Open/GSM SIM IETF Draft AKA Open/UMTS USIM IETF Draft SKE Open/CDMA IETF Draft LEAP Proprietary Username/Pwd NA Table 1 EAP Types 802.1x Encryption Attacks like the one launched by AirSnort are the most troublesome for networks, however, they are also the easiest to prevent using two common mechanisms: ORiNOCO s weak key avoidance (WEPplus), together with the key rotation mechanism built into the 802.1x standard and ORiNOCO access points, make it possible to create a secure wireless network. In the existing pre-802.1x specification, neither key distribution nor key rotation mechanisms are specified. With the exception of MD5, all EAP types listed in Table 1 provide a mechanism for the establishment of a session key at the station and the RADIUS server. This session key provides a secure means to periodically transport new encryption keys to the station, so that the keys used to encrypt user data can continuously and securely change. ORiNOCO security paper v2.2 <7> Copyright 2003

8 Attacks against 802.1x A Arbaugh 11 demonstrated two attacks against 802.1x-enabled wireless LAN networks: session hijacking and man-in-the-middle. In addition to the 802.1x attacks described by Arbaugh, it is possible (and more likely) that a hacker might try to use a common AirSnort attack, described earlier in this paper. If encryption with rotating keys is used, none of the attacks described here can be a threat to users of ORiNOCO clients and access points. Session Hijacking Attack The session hijacking attack can only be performed on systems that are using 802.1x with encryption disabled. This is not a secure configuration, and Proxim recommends that encryption is always enabled with a key rotation period of less than 30 minutes. When the hijacked session attack is attempted on the EAP-TLS system, the attacker must 1. Wait until the client has successfully authenticated to the network. 2. Send a disassociate message to the client, on the legitimate access point s behalf, using the MAC address of the access point. 3. Send frames to the valid access point, using the MAC address of the valid client. The hijacked session attack assumes that no encryption is present, because if it were present, the radio perpetrating the attack would not be able to gain access to the network after the hijack because the access point would reject all packets that did not match an encryption key corresponding to a known user. There is not an easy way to decrypt a WEP key generated using 802.1x, so the hijacker cannot create encrypted packets. When no encryption is present, this attack will succeed, allowing the attacker to use the session until the next re-authentication interval. At the next re-authentication time, the attacker would not be re-authenticated. He would then hijack another valid session x wireless networks deployed with encryption enabled are not susceptible to this type of attack, and therefore it is not a concern. Man-in-the-Middle Attack The scenario used by the attacker to implement this attack is as follows: 1. Place a special rogue access point system to be within radio range of both a valid end user and a valid access point. This rogue system has the capability to simultaneously associate with a legitimate access point, while at the same time acting as an access point itself and allowing a legitimate user to associate to it. 2. Using the rogue system, associate to a valid access point as a client station. 3. Wait for a valid user to associate to the rogue system. 4. Transparently act as a repeater between the legitimate user and the legitimate access point, passing frame received from the user to the access point and vice-versa. As noted earlier, all EAP types except MD5 provide the ability to establish encrypted sessions. The man-in-the-middle attacker can observe this encrypted traffic, but cannot do anything malicious because it is encrypted. Encrypted traffic is not compromised by this attack and the attacker does not gain access to the network. The attacker only gains the ability to target a particular user for the denial 11 Arbaugh, W., Mishra, A., An Initial Security Analysis of the 802.1X Standard, ORiNOCO security paper v2.2 <8> Copyright 2003

9 of service attack, which could be more easily perpetrated by a regular access point disconnected from any network. When encryption is not used, the man in the middle will be able to see the user s traffic. This would have also been possible with a network sniffer. Network sniffers can see network traffic of other users, but if that traffic is encrypted, that traffic is useless to any hacker. Therefore, man-in-the-middle type attacks are not a concern. Choosing a Security Mechanism It is possible to compromise any security mechanism with enough brainpower, computer processing power, and time x offers greatly increased security measures over standard security. Maximum encryption strength today is offered by using VPN on top of a wireless network, however, 802.1x is a generally accepted method to implement wireless security in the enterprise. If a network must have the strongest encryption possible, the best solution is to use. If a more conventional and less restrictive method is appealing, use 802.1x. Implementing 802.1x requires supplicant software on the wireless station, and a special type of RADIUS server that is capable of 802.1x authentication. Together with an 802.1x-capable wireless client and access point, they make up a complete 802.1x solution. The following ORiNOCO products will function with the 802.1x solutions that will be discussed below: Wireless client card: Any ORiNOCO a, a/b combo, or b card Wireless Access Point: ORiNOCO AP-600a, AP-600b, or AP-2000 Today, there are three main commercially available RADIUS server solutions. The 802.1x-capable RADIUS server can interface to other authentication servers if the username and password database resides elsewhere. Microsoft s IAS server interfaces to only to Microsoft Domain and Active Directory servers, while Funk and Meetinghouse servers interface to both Microsoft and non-microsoft authentication databases. Listed below are to general combinations of RADIUS servers and supplicants that are used by Proxim customers. Proxim customers are not limited to only the solutions listed below: Solution 1: Microsoft-Centric Reason for choice: EAP type: RADIUS server: Supplicant software: Cost. Microsoft clients are free, and their servers are relatively affordable. PEAP. Microsoft only supports PEAP and TLS. TLS is unwieldy because client certificates must be installed on each machine. PEAP uses username / password authentication. Microsoft Windows 2000 Professional with Internet Authentication Server (IAS) and service pack 3 installed. IAS comes standard with Windows2000 Professional, but it must be explicitly selected during the installation process 802.1x upgrades available on Microsoft s web site for WindowsXP and Windows2000. Go to: If other client support is required, Funk and Meetinghouse have feature-rich PEAP clients that work with Microsoft IAS: ORiNOCO security paper v2.2 <9> Copyright 2003

10 Solution 2: Non-Microsoft Centric Reason for choice: Performance / features. In addition to supporting Windows 98 / ME clients, non-microsoft servers supports the widest range of password protocols and authentication databases, simplifying deployment by permitting the use of any existing authentication system for WLAN user authentication, including Active Directories, token systems, LDAP, and SQL databases. EAP type: TTLS. TTLS is more flexible than PEAP, and unlike TLS, it does not require client-side certificates. RADIUS server: Funk or Meetinghouse XP, 2k, ME, 98, Pocket PC 2002, Mac OS X, and Linux clients are available. Supplicant software: Client software is typically licensed on a per-client basis Conclusion AirSnort and similar types of attacks have proven WEP security provided by the standard insecure. The WLAN industry has responded by creating WPA and i to address these issues in the long term, though these security solutions are not available today. Most of today s security requirements can be met with 802.1x, which provides a solution that is effective and has not yet been broken. Funk, Meetinghouse, and Microsoft all offer 802.1x client and server solutions that are available today and provide security that is adequate for enterprise applications. ORiNOCO security paper v2.2 <10> Copyright 2003

Chapter 2 Wireless Networking Basics

Chapter 2 Wireless Networking Basics Chapter 2 Wireless Networking Basics Wireless Networking Overview Some NETGEAR products conform to the Institute of Electrical and Electronics Engineers (IEEE) 802.11g standard for wireless LANs (WLANs).

More information

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture

State of Kansas. Interim Wireless Local Area Networks Security and Technical Architecture State of Kansas Interim Wireless Local Area Networks Security and Technical Architecture October 6, 2005 Prepared for Wireless Policy Committee Prepared by Revision Log DATE Version Change Description

More information

White Paper. Wireless LAN Security. Copyright Madge Limited. All rights reserved.

White Paper. Wireless LAN Security. Copyright Madge Limited. All rights reserved. White Paper Wireless LAN Security Copyright 2002-2003 Madge Limited. All rights reserved. 1 Introduction As wireless LANs become widely deployed, and the business benefits become clear, concern has grown

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003

Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003 Wi-Fi Protected Access: Strong, standards-based, interoperable security for today s Wi-Fi networks Wi-Fi Alliance April 29, 2003 2003 Wi-Fi Alliance. Wi-Fi is a registered trademark of the Wi-Fi Alliance

More information

WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS

WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS January 2003 January WHITE 2003 PAPER WIRELESS SECURITY IN 802.11 (WI-FI ) NETWORKS With the increasing deployment of 802.11 (or Wi-Fi) wireless networks in business environments, IT organizations are

More information

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com

White paper. Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points. http://www.veryxtech.com White paper Testing for Wi-Fi Protected Access (WPA) in WLAN Access Points http://www.veryxtech.com White Paper Abstract Background The vulnerabilities spotted in the Wired Equivalent Privacy (WEP) algorithm

More information

Wireless security. Any station within range of the RF receives data Two security mechanism

Wireless security. Any station within range of the RF receives data Two security mechanism 802.11 Security Wireless security Any station within range of the RF receives data Two security mechanism A means to decide who or what can use a WLAN authentication A means to provide privacy for the

More information

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.

Wireless Security. New Standards for 802.11 Encryption and Authentication. Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas. Wireless Security New Standards for 802.11 Encryption and Authentication Ann Geyer 209-754-9130 ageyer@tunitas.com www.tunitas.com National Conference on m-health and EOE Minneapolis, MN Sept 9, 2003 Key

More information

Wireless LAN Security with 802.1x, EAP-TLS, and PEAP. Steve Riley Senior Consultant MCS Trustworthy Computing Services

Wireless LAN Security with 802.1x, EAP-TLS, and PEAP. Steve Riley Senior Consultant MCS Trustworthy Computing Services Wireless LAN Security with 802.1x, EAP-TLS, and PEAP Steve Riley Senior Consultant MCS Trustworthy Computing Services So what s the problem? WEP is a euphemism Wired Equivalent Privacy Actually, it s a

More information

WiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise

WiFi Security: Deploying WPA/WPA2/802.1X and EAP in the Enterprise Michael Disabato Service Director Network & Telecom Strategies mdisabato@burtongroup.com Diana Kelley Senior Analyst Security & Risk Management Strategies dkelley@burtongroup.com www.burtongroup.com WiFi

More information

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com

802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key

More information

IT-Sicherheit: Sicherheitsprotokolle. Wireless Security. (unter Benutzung von Material von Brian Lee und Takehiro Takahashi)

IT-Sicherheit: Sicherheitsprotokolle. Wireless Security. (unter Benutzung von Material von Brian Lee und Takehiro Takahashi) IT-Sicherheit: Sicherheitsprotokolle Wireless Security (unter Benutzung von Material von Brian Lee und Takehiro Takahashi) ! 61 ints 5 2 Po ss e c Ac 3 Built in Security Features!!!!!! Service Set Identifier

More information

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication

WEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will

More information

Wireless Security for Mobile Computers

Wireless Security for Mobile Computers A Datalogic Mobile and Summit Data Communications White Paper Original Version: June 2008 Update: March 2009 Protecting Confidential and Sensitive Information It is every retailer s nightmare: An attacker

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,

More information

Authentication in WLAN

Authentication in WLAN Authentication in WLAN Flaws in WEP (Wired Equivalent Privacy) Wi-Fi Protected Access (WPA) Based on draft 3 of the IEEE 802.11i. Provides stronger data encryption and user authentication (largely missing

More information

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu

Introduction to WiFi Security. Frank Sweetser WPI Network Operations and Security fs@wpi.edu Introduction to WiFi Security Frank Sweetser WPI Network Operations and Security fs@wpi.edu Why should I care? Or, more formally what are the risks? Unauthorized connections Stealing bandwidth Attacks

More information

Issues in Wireless Security (WEP, WPA & i)

Issues in Wireless Security (WEP, WPA & i) Issues in Wireless Security (WEP, WPA & 802.11i) Presented to the 18 th Annual Computer Security Applications Conference 11 December 2002 Brian R. Miller, Booz Allen Hamilton 0 Overview Examine current

More information

The Importance of Wireless Security

The Importance of Wireless Security The Importance of Wireless Security Because of the increasing popularity of wireless networks, there is an increasing need for security. This is because unlike wired networks, wireless networks can be

More information

Wireless Technology Seminar

Wireless Technology Seminar Wireless Technology Seminar Introduction Adam Worthington Network Consultant Adam.Worthington@euroele.com Wireless LAN Why? Flexible network access for your users? Guest internet access? VoWIP? RFID? Available

More information

Security in IEEE 802.11 WLANs

Security in IEEE 802.11 WLANs Security in IEEE 802.11 WLANs 1 IEEE 802.11 Architecture Extended Service Set (ESS) Distribution System LAN Segment AP 3 AP 1 AP 2 MS MS Basic Service Set (BSS) Courtesy: Prashant Krishnamurthy, Univ Pittsburgh

More information

Configuring Security Solutions

Configuring Security Solutions CHAPTER 3 This chapter describes security solutions for wireless LANs. It contains these sections: Cisco Wireless LAN Solution Security, page 3-2 Using WCS to Convert a Cisco Wireless LAN Solution from

More information

Wireless LANs and Healthcare: Understanding Security to Ensure Compliance with HIPAA

Wireless LANs and Healthcare: Understanding Security to Ensure Compliance with HIPAA : Understanding Security to Ensure Compliance with HIPAA Healthcare is a natural environment for wireless LAN solutions. With a large mobile population of doctors, nurses, physician s assistants and other

More information

A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2

A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2 A Dynamic Extensible Authentication Protocol for Device Authentication in Transport Layer Raghavendra.K 1, G. Raghu 2, Sumith N 2 1 Dept of CSE, P.A.College of Engineering 2 Dept of CSE, Srnivas institute

More information

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions

More information

Implementing Security for Wireless Networks

Implementing Security for Wireless Networks Implementing Security for Wireless Networks Action Items for this session Learn something! Take notes! Fill out that evaluation. I love to see your comments and we want to make these better! Most important:

More information

Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2)

Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) Wireless Robust Security Networks: Keeping the Bad Guys Out with 802.11i (WPA2) SUNY Technology Conference June 21, 2011 Bill Kramp FLCC Network Administrator Copyright 2011 William D. Kramp All Rights

More information

Wireless LAN Access Control and Authentication

Wireless LAN Access Control and Authentication Authors: John Vollbrecht, Founder Interlink Networks, Inc. 5405 Data Court, Suite 300, Ann Arbor, MI 48108, jrv@interlinknetworks.com Robert Moskowitz, Senior Technical Director TruSecure Corporation,

More information

Link Layer and Network Layer Security for Wireless Networks

Link Layer and Network Layer Security for Wireless Networks Link Layer and Network Layer Security for Wireless Networks Interlink Networks, Inc. May 15, 2003 1 LINK LAYER AND NETWORK LAYER SECURITY FOR WIRELESS NETWORKS... 3 Abstract... 3 1. INTRODUCTION... 3 2.

More information

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2)

EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) EVOLUTION OF WIRELESS LAN SECURITY ARCHITECTURE TO IEEE 802.11i (WPA2) Moffat Mathews, Ray Hunt Department of Computer Science and Software Engineering, University of Canterbury, New Zealand {ray.hunt@canterbury.ac.nz}

More information

Wi-Fi in Healthcare:

Wi-Fi in Healthcare: Wi-Fi in Healthcare: Security Solutions for Hospital Wi-Fi Networks Wi-Fi Alliance February 2012 The following document and the information contained herein regarding Wi-Fi Alliance programs and expected

More information

Wireless Networking Basics. NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA

Wireless Networking Basics. NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA Wireless Networking Basics NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA n/a October 2005 2005 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR and Auto Uplink are trademarks

More information

Optimizing Converged Cisco Networks (ONT)

Optimizing Converged Cisco Networks (ONT) Optimizing Converged Cisco Networks (ONT) Module 6: Implement Wireless Scalability Implementing WLAN QoS Objectives Describe why WLANs need to support QoS policies in enterprise networks. Explain the issues

More information

The following chart provides the breakdown of exam as to the weight of each section of the exam.

The following chart provides the breakdown of exam as to the weight of each section of the exam. Introduction The CWSP-205 exam, covering the 2015 objectives, will certify that the successful candidate understands the security weaknesses inherent in WLANs, the solutions available to address those

More information

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example Table of Contents Wi Fi Protected Access 2 (WPA 2) Configuration Example...1 Document ID: 67134...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Conventions...2 Background Information...2

More information

Security in Wireless Local Area Networks

Security in Wireless Local Area Networks Security in Wireless Local Area Networks T. Andrew Yang + Yasir Zahur 1. Introduction Following the widespread use of the Internet, especially the World Wide Web since 1995, wireless networking has become

More information

Wi-Fi Client Device Security & HIPAA Compliance

Wi-Fi Client Device Security & HIPAA Compliance Wi-Fi Client Device Security & HIPAA Compliance Originally Published: September 2010 Updated: October 2012 A White Paper from Laird Technologies Connecting medical devices to a hospital s Wi-Fi network

More information

IEEE 802.1X For Wireless LANs

IEEE 802.1X For Wireless LANs IEEE 802.1X For Wireless LANs John Roese, Ravi Nalmati, Cabletron Albert Young, 3Com Carl Temme, Bill McFarland, T-Span David Halasz, Aironet Paul Congdon, HP Andrew Smith, Extreme Networks Slide 1 Outline

More information

CS 356 Lecture 29 Wireless Security. Spring 2013

CS 356 Lecture 29 Wireless Security. Spring 2013 CS 356 Lecture 29 Wireless Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter

More information

Extensible Authentication Protocol (EAP) Security Issues

Extensible Authentication Protocol (EAP) Security Issues Sotillo ECU 1 Extensible Authentication Protocol (EAP) Security Issues Samuel Sotillo, Dept. of Technology Systems, East Carolina University Abstract This document describes the Extensible Authentication

More information

Advanced Security Issues in Wireless Networks

Advanced Security Issues in Wireless Networks Advanced Security Issues in Wireless Networks Seminar aus Netzwerke und Sicherheit Security Considerations in Interconnected Networks Alexander Krenhuber Andreas Niederschick 9. Januar 2009 Advanced Security

More information

Wireless Authentication and Encryption: A Primer

Wireless Authentication and Encryption: A Primer Wireless Vulnerability Management Wireless Authentication and Encryption: A Primer Presented by: Hemant Chaskar, PhD Director of Technology AirTight Networks 2008 AirTight Networks, Inc. All Rights Reserved.

More information

Wi-Fi Client Device Security and Compliance with PCI DSS

Wi-Fi Client Device Security and Compliance with PCI DSS Wi-Fi Client Device Security and Compliance with PCI DSS A Summit Data Communications White Paper Original Version: June 2008 Update: January 2009 Protecting Payment Card Information It is every retailer

More information

Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003

Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003 Enterprise Solutions for Wireless LAN Security Wi-Fi Alliance February 6, 2003 Executive Summary The threat to network security from improperly secured WLANs is a real and present danger for today s enterprises.

More information

Cisco SAFE: Wireless LAN Security in Depth

Cisco SAFE: Wireless LAN Security in Depth White Paper Cisco SAFE: Wireless LAN Security in Depth Authors Sean Convery (CCIE #4232), Darrin Miller (CCIE #6447), and Sri Sundaralingam are the primary authors of this white paper. Mark Doering, Pej

More information

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING

THE IMPORTANCE OF CRYPTOGRAPHY STANDARD IN WIRELESS LOCAL AREA NETWORKING International Journal of Electronics and Communication Engineering & Technology (IJECET) Volume 6, Issue 9, Sep 2015, pp. 65-74, Article ID: IJECET_06_09_008 Available online at http://www.iaeme.com/ijecetissues.asp?jtype=ijecet&vtype=6&itype=9

More information

Recommended 802.11 Wireless Local Area Network Architecture

Recommended 802.11 Wireless Local Area Network Architecture NATIONAL SECURITY AGENCY Ft. George G. Meade, MD I332-008R-2005 Dated: 23 September 2005 Network Hardware Analysis and Evaluation Division Systems and Network Attack Center Recommended 802.11 Wireless

More information

Security in Wireless Local Area Network (WLAN)

Security in Wireless Local Area Network (WLAN) The Journal of Mathematics and Computer Science Available online at http://www.tjmcs.com The Journal of Mathematics and Computer Science Vol.5 No.4 (2012) 320-330 Security in Wireless Local Area Network

More information

Network Access Security It's Broke, Now What? June 15, 2010

Network Access Security It's Broke, Now What? June 15, 2010 Network Access Security It's Broke, Now What? June 15, 2010 Jeffrey L Carrell Network Security Consultant Network Conversions SHARKFEST 10 Stanford University June 14-17, 2010 Network Access Security It's

More information

NXC5500/2500. Application Note. 802.11w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015

NXC5500/2500. Application Note. 802.11w Management Frame Protection. ZyXEL NXC Application Notes. Version 4.20 Edition 2, 02/2015 NXC5500/2500 Version 4.20 Edition 2, 02/2015 Application Note 802.11w Management Frame Protection Copyright 2015 ZyXEL Communications Corporation 802.11w Management Frame Protection Introduction IEEE 802.11w

More information

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story

Agenda. Wireless LAN Security. TCP/IP Protocol Suite (Internet Model) Security for TCP/IP. Agenda. Car Security Story Wireless s June September 00 Agenda Wireless Security ผศ. ดร. อน นต ผลเพ ม Asst. Prof. Anan Phonphoem, Ph.D. anan@cpe.ku.ac.th http://www.cpe.ku.ac.th/~anan Computer Engineering Department Kasetsart University,

More information

CISCO WIRELESS SECURITY SUITE

CISCO WIRELESS SECURITY SUITE Q&A CISCO WIRELESS SECURITY SUITE OVERVIEW What is the Cisco Wireless Security Suite? The Cisco Wireless Security Suite is an enterprise-ready, standards-based, wireless LAN (WLAN) security solution for

More information

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU

UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU UNIVERZITA KOMENSKÉHO V BRATISLAVE FAKULTA MATEMATIKY, FYZIKY A INFORMATIKY PRÍPRAVA ŠTÚDIA MATEMATIKY A INFORMATIKY NA FMFI UK V ANGLICKOM JAZYKU ITMS: 26140230008 DOPYTOVO ORIENTOVANÝ PROJEKT Moderné

More information

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards

Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the

More information

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks. Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted

More information

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2

Symm ym e m t e r t ic i c cr c yptogr ypt aphy a Ex: RC4, AES 2 Wi-Fi Security FEUP>MIEIC>Mobile Communications Jaime Dias Symmetric cryptography Ex: RC4, AES 2 Digest (hash) Cryptography Input: variable length message Output: a fixed-length bit

More information

A Threat Analysis of The Extensible Authentication Protocol

A Threat Analysis of The Extensible Authentication Protocol A Threat Analysis of The Extensible Authentication Protocol Lei Han Student #: 100304821 April, 2006 Supervised by Professor Michel Barbeau School of Computer Science Carleton University Honors Project

More information

Particularities of security design for wireless networks in small and medium business (SMB)

Particularities of security design for wireless networks in small and medium business (SMB) Revista Informatica Economică, nr. 4 (44)/2007 93 Particularities of security design for wireless networks in small and medium business (SMB) Nicolae TOMAI, Cluj-Napoca, Romania, tomai@econ.ubbcluj.ro

More information

Certified Wireless Security Professional (CWSP) Course Overview

Certified Wireless Security Professional (CWSP) Course Overview Certified Wireless Security Professional (CWSP) Course Overview This course will teach students about Legacy Security, encryption ciphers and methods, 802.11 authentication methods, dynamic encryption

More information

The next generation of knowledge and expertise Wireless Security Basics

The next generation of knowledge and expertise Wireless Security Basics The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com

More information

Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN. Daniel Schwarz

Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN. Daniel Schwarz Certficate Extensions and Attributes Supporting Authentication in PPP and Wireless LAN Daniel Schwarz Overview: 1. Introduction I. PKIX 2. Basics I. PPP II. EAP III. 802.1x IV. X.509 certificate extensions

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

WLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles

WLAN - Good Security Principles. WLAN - Good Security Principles. Example of War Driving in Hong Kong* WLAN - Good Security Principles WLAN Security.. from this... Security Architectures and Protocols in Wireless LANs (Section 3) 1 2 WLAN Security.. to this... How Security Breaches Occur 3 War (wide area roaming) Driving/War Chalking

More information

Using IEEE 802.1x to Enhance Network Security

Using IEEE 802.1x to Enhance Network Security Using IEEE 802.1x to Enhance Network Security Table of Contents Introduction...2 Terms and Technology...2 Understanding 802.1x...3 Introduction...3 802.1x Authentication Process...3 Before Authentication...3

More information

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland kamcderm@cisco.com

DESIGNING AND DEPLOYING SECURE WIRELESS LANS. Karl McDermott Cisco Systems Ireland kamcderm@cisco.com DESIGNING AND DEPLOYING SECURE WIRELESS LANS Karl McDermott Cisco Systems Ireland kamcderm@cisco.com 1 Agenda Wireless LAN Security Overview WLAN Security Authentication and Encryption Radio Monitoring

More information

Wireless Network Standard and Guidelines

Wireless Network Standard and Guidelines Wireless Network Standard and Guidelines Purpose The standard and guidelines listed in this document will ensure the uniformity of wireless network access points and provide guidance for monitoring, maintaining

More information

vwlan External RADIUS 802.1x Authentication

vwlan External RADIUS 802.1x Authentication 6ABSCG0002-29B July 2013 Configuration Guide vwlan External RADIUS 802.1x Authentication This configuration guide provides an in-depth look at external Remote Authentication Dial-In User Service (RADIUS)

More information

Wireless Local Area Network Security Obscurity Through Security

Wireless Local Area Network Security Obscurity Through Security Wireless Local Area Network Security Obscurity Through Security Abstract Since the deployment of infamous Wired Equivalent Privacy (WEP), IEEE and vendors have developed a number of good security mechanisms

More information

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication Objectives Define authentication Describe the different types of authentication credentials List and explain the

More information

Your 802.11 Wireless Network has No Clothes

Your 802.11 Wireless Network has No Clothes Your 802.11 Wireless Network has No Clothes William A. Arbaugh Narendar Shankar Y.C. Justin Wan Department of Computer Science University of Maryland College Park, Maryland 20742 March 30, 2001 Abstract

More information

Application Note: Onsight Device VPN Configuration V1.1

Application Note: Onsight Device VPN Configuration V1.1 Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1

More information

ProCurve Wireless LAN Security

ProCurve Wireless LAN Security ProCurve Wireless LAN Security Fundamentals Guide Technical Training Version 8.21 Contents ProCurve Wireless LAN Security Fundamentals Introduction... 1 Objectives... 1 Discussion Topics... 2 Authentication

More information

ALL1682511. 500Mbits Powerline WLAN N Access Point. User s Manual

ALL1682511. 500Mbits Powerline WLAN N Access Point. User s Manual ALL1682511 500Mbits Powerline WLAN N Access Point User s Manual Contents 1. Introduction...1 2. System Requirements...1 3. Configuration...1 4. WPS...9 5. Wireless AP Settings...9 6. FAQ... 15 7. Glossary...

More information

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown

Lecture 24 Wireless Network Security. modified from slides of Lawrie Brown Lecture 24 Wireless Network Security modified from slides of Lawrie Brown Wireless Security Overview concerns for wireless security are similar to those found in a wired environment security requirements

More information

Wireless Networks. Welcome to Wireless

Wireless Networks. Welcome to Wireless Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)

More information

ACC-232 2002, Cisco Systems, Inc. All rights reserved.

ACC-232 2002, Cisco Systems, Inc. All rights reserved. 1 2 Securing 802.11 Wireless Networks Session 3 Session Information Basic understanding of components of 802.11 networks Please save questions until the end 4 Agenda Drivers for Wireless Security Wireless

More information

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd.

WLAN Attacks. Wireless LAN Attacks and Protection Tools. (Section 3 contd.) Traffic Analysis. Passive Attacks. War Driving. War Driving contd. Wireless LAN Attacks and Protection Tools (Section 3 contd.) WLAN Attacks Passive Attack unauthorised party gains access to a network and does not modify any resources on the network Active Attack unauthorised

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

Authentication and Security in IP based Multi Hop Networks

Authentication and Security in IP based Multi Hop Networks 7TH WWRF MEETING IN EINDHOVEN, THE NETHERLANDS 3RD - 4TH DECEMBER 2002 1 Authentication and Security in IP based Multi Hop Networks Frank Fitzek, Andreas Köpsel, Patrick Seeling Abstract Network security

More information

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved.

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com. 2006 Cisco Systems, Inc. All rights reserved. Cisco Secure ACS Overview By Igor Koudashev, Systems Engineer, Cisco Systems Australia ivk@cisco.com 2006 Cisco Systems, Inc. All rights reserved. 1 Cisco Secure Access Control System Policy Control and

More information

Linux Access Point and IPSec Bridge

Linux Access Point and IPSec Bridge Tamkang Journal of Science and Engineering, Vol. 6, No. 2, pp. 121-126 (2003) 121 Linux Access Point and IPSec Bridge T. H. Tseng and F. Ye Department of Electrical Engineering Tamkang University Tamsui,

More information

Wi-Fi Client Device Security and Compliance with PCI DSS

Wi-Fi Client Device Security and Compliance with PCI DSS Wi-Fi Client Device Security and Compliance with PCI DSS Originally Published: June 2008 Updated: January 2009, June 2010, October 2012 A White Paper from Laird Technologies Major payment card companies

More information

802.1X AUTHENTICATION IN ACKSYS BRIDGES AND ACCESS POINTS

802.1X AUTHENTICATION IN ACKSYS BRIDGES AND ACCESS POINTS APPLICATION NOTE Ref APNUS004 rev. A-0, March 08, 2007 802.1X AUTHENTICATION IN ACKSYS BRIDGES AND ACCESS POINTS Why? In addition to MAC address filtering, ACKSYS products support a more reliable authentication

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Configure Workgroup Bridge on the WAP351

Configure Workgroup Bridge on the WAP351 Article ID: 5047 Configure Workgroup Bridge on the WAP351 Objective The Workgroup Bridge feature enables the Wireless Access Point (WAP) to bridge traffic between a remote client and the wireless LAN that

More information

Huawei WLAN Authentication and Encryption

Huawei WLAN Authentication and Encryption Huawei WLAN Authentication and Encryption The Huawei integrated Wireless Local Area Network (WLAN) solution can provide all-round services for municipalities at various levels and enterprises and institutions

More information

ClickShare Network Integration

ClickShare Network Integration ClickShare Network Integration Application note 1 Introduction ClickShare Network Integration aims at deploying ClickShare in larger organizations without interfering with the existing wireless network

More information

A SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS

A SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS A SURVEY OF WIRELESS NETWORK SECURITY PROTOCOLS Jose Perez Texas A&M University Corpus Christi Email: jluisperez16@gmail.com Fax Number: (361) 825-2795 Faculty Advisor: Dr. Ahmed Mahdy, Texas A&M University

More information

Wireless LAN Security

Wireless LAN Security Wireless LAN Security WEP: Overview WEP = Wired Equivalency Protocol RC4 stream cipher Purposes: Authentication Packet Encryption Uses single key to authenticate all network users and encrypt all packets

More information

Cisco Secure Access Control Server 4.2 for Windows

Cisco Secure Access Control Server 4.2 for Windows Cisco Secure Access Control Server 4.2 for Windows Overview Q. What is Cisco Secure Access Control Server (ACS)? A. Cisco Secure ACS is a highly scalable, high-performance access control server that operates

More information

New Avatars of Honeypot Attacks on WiFi Networks

New Avatars of Honeypot Attacks on WiFi Networks New Avatars of Honeypot Attacks on WiFi Networks Prabhash Dhyani Wireless Security Researcher,Airtight Networks,Pune Email: prabhash.dhyani@airtightnetworks.com Abstract WiFi has become mainstream technology

More information

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006 WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able

More information

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices

All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Wireless Security All vulnerabilities that exist in conventional wired networks apply and likely easier Theft, tampering of devices Portability Tamper-proof devices? Intrusion and interception of poorly

More information

Securing WLAN: From WEP to WPA

Securing WLAN: From WEP to WPA Securing WLAN: From WEP to WPA Demian Machta Computer Security CS574 Instructor : T.Perrine Word count: 3270 San Diego State University, Fall 2003 dmachta@eresmas.com 1 Index I. Introduction.3 II. Wired

More information

MB8000 Network Security and Access Control Overview

MB8000 Network Security and Access Control Overview MB8000 Network Security and Access Control Overview MB8000 employs almost all of the current popular WLAN security mechanisms. These include wireless-user isolation, closed system (by turning off SSID

More information

WLAN Information Security Best Practice Document

WLAN Information Security Best Practice Document WLAN Information Security Best Practice Document Produced by FUNET led working group on wireless systems and mobility (MobileFunet) (WLAN security) Author: Wenche Backman Contributors: Ville Mattila/CSC

More information

Industrial Communication. Securing Industrial Wireless

Industrial Communication. Securing Industrial Wireless Industrial Communication Whitepaper Securing Industrial Wireless Contents Introduction... 3 Wireless Applications... 4 Potential Threats... 5 Denial of Service... 5 Eavesdropping... 5 Rogue Access Point...

More information

WiFi Security: WEP, WPA, and WPA2

WiFi Security: WEP, WPA, and WPA2 WiFi Security: WEP, WPA, and WPA2 - security requirements in wireless networks - WiFi primer - WEP and its flaws - 802.11i - WPA and WPA2 (RSN) Why security is more of a concern in wireless? no inherent

More information

Self Help Guide IMPORTANT! Securing Your Wireless Network. This Guide refers to the following Products: Please read the following carefully; Synopsis:

Self Help Guide IMPORTANT! Securing Your Wireless Network. This Guide refers to the following Products: Please read the following carefully; Synopsis: IMPORTANT! This Guide refers to the following Products: Securing Your Wireless Network Please read the following carefully; Synopsis: This Guide is designed to help you if you have a Wireless Network that

More information